Yesterday, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about an incident that occurred last year. From their release: What Happened? On December 30, 2020, We learned that an unauthorized actor who attempted to deploy…
Category: Health Data
NY: “Grief” claims to have breached Rehabilitation Support Services
A rehabilitation and support services agency that provides services to more than 3,000 individuals with psychiatric and substance abuse disorders each year has been the victim of a cyberattack by threat actors call themselves “Grief.” Rehabilitation Support Services, Inc. (RSS) operates in 13 upstate New York counties through 5 service divisions. According to their web…
Hackety hack hack…
There are so many breach reports that it’s hard to even find all the notices and reports about them these days. These days, there are many breaches that I log in worksheets I compile for Protenus’s Breach Barometer annual report but never even post on this blog. Just today, for example, I found: a notice…
Canadian non-profit hit by malware gets help — from the threat actor
Good Shepherd Centres in Canada recently disclosed a breach involving protected health information that occurred on September, 27, 2020. On June 29, Good Shepherd posted a statement that explains that it had been the victim of an attempt to shut down its systems, but that the attacker(s) “quickly facilitated restoration after realizing that Good Shepherd…
Belden issues substitute notice for November, 2020 breach
In November, 2020, networking equipment vendor Belden revealed that they had been the victim of a cyberattack. DataBreaches.net noted it at the time, but did not realize any protected health information was involved until April, 2021, when Belden notified HHS that protected health information they maintained as part of their health plan had been potentially…
Norwegian DPA: Oslo University Hospital ordered to amend agreements
The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries. The Data Protection Authority understands that it is important to be able to use laboratories in other countries when the hospital or other Norwegian laboratories do…